
Terraform Cloud token abuse turns speculative plan into remote code execution

ID: fe4ba1f6-02d3-526a-8ad0-707c806bf7e0

STIX ID: report--fe4ba1f6-02d3-526a-8ad0-707c806bf7e0

Feed Name: Pen Test Partners Blog

Threat Score

Date Published: 2025-08-15

Date Updated: 2026-03-24

Author: Alex Wallace


This report explains how attackers (or red teams) can use Terraform Cloud speculative plan runs with custom external data sources to gain remote code execution on Terraform runners, harvest the short-lived cloud credentials injected into those runs (e.g., GCP tfc-google-application-credentials/tfc-gcp-token and AWS tfc-aws-shared-config/tfc-aws-token, or static IAM keys), and bypass VCS-only workflows to alter AWS/GCP infrastructure. It outlines querying workspace settings, executing a reverse shell during a plan run, and exporting the harvested credentials to cloud CLIs. It recommends defenses including tightly scoped Terraform token permissions, minimizing owner roles, and enforcing Sentinel allow-lists for providers and data sources to block untrusted code execution.
